Threats Posed by Distributed Denial-of-Service (DDoS) Attacks on Financial Institutions

Bad actors targeting financial institutions with distributed denial-of-service (DDoS) attacks have significantly increased their activities over the past decade. According to research from the Financial Services Information Sharing and Analysis Center (FS-ISAC) and cybersecurity firm Akamai, DDoS attack incidents soared from 2014 through 2024, peaking in October with a recorded 350 events.

The financial sector was overwhelmingly the most targeted by these attacks, which involved thousands or even millions of malicious activities per incident. While DDoS typically targets websites, there were also frequent attacks on APIs used for services like logins and payments.

Multipronged Cyber Assaults

APIs serve as the critical connections in modern banking infrastructure, enabling financial institutions to interact with partners for various services, including credit scoring and peer-to-peer transactions. Despite their importance, the rapid adoption of APIs has expanded the potential attack vector for malicious actors.

Although many financial institutions can easily mitigate simple DDoS attacks, the study highlighted that these assaults are becoming increasingly sophisticated. Teresa Walsh, FS-ISAC’s Chief Intelligence Officer and Managing Director, EMEA, stated in a prepared statement: “DDoS attacks are evolving into multi-dimensional assaults that exploit vulnerabilities across the entire supply chain.”

Outsourcing Cybercrime Operations

The ease of DDoS attacks also means that cybercriminals can outsource their operations more readily. The rise in DDoS usage as a component of the growing cybercrime-as-a-service model has made it difficult to trace perpetrators. Financial institutions will need to continue developing innovative strategies to defend against these increasingly complex threats.